The book is organized around three main themes, Enterprise systems, E-business and Controls and how these systems and the controls for these systems related to the study of accounting of information systems. Below are definitions and examples of these three themes:
Enterprise Systems Software that integrates the business processes from all the functional area like marketing, accounting etc
E-Business - using electronic networks including the internet to conduct business
Controls - measures taken to ensure effectiveness, efficiency of business processes; compliance with the law; and reliable reporting
On May 24, 2007, the PCAOB voted to adopt Auditing Standard No. 5 (AS5), which replaces the previous internal control Auditing Standard No. 2 (AS2). AS5 is designed to "increase the likelihood that material weaknesses in internal control will be found before they result in material misstatement of a company's financial statements, and, at the same time, eliminate procedures that are unnecessary." (2007 SmartPros Ltd.) AS5 can be used by auditors following SEC approval. AS5 and Rule 3525, and conforming amendments, would be required for all internal control audits for fiscal years ending on or after 11/15/07.
Also on May 24, 2007, the SEC revised its standards for corporate audits. One of the most concrete changes is that the "S.E.C. will now require a company to get an outside auditor's formal opinion on whether its financial controls are working. Previously, companies were required to have outside auditors evaluate the quality of the assessment process as well." (The New York Times, May 24, 2007) The vote by the SEC paved the way for a more relaxed set of guidelines on smaller companies, i.e., market value of less than $75 million.
Challenges and Opportunities:
It is a fair question to ask why we are going through the financial expense and intellectual challenge of learning about flowcharts, internal controls, and transaction cycles. The answer is simple - GAAS requires it! The first of the General Standards requires the auditor to have "adequate technical training and proficiency" [AU 210]; the first of the Field Work Standards requires that "the work is to be adequately planned" [AU 310]; and the second standard of Field Work requires that an "understanding of internal controls is to be obtained to plan the audit" [AU 319]. The best evidence we can give the PCAOB / peer review examiner that we have conducted a competent audit is a high level of professionally prepared documentation. And the classroom is the least stressful place to learn how to do that.
Being a CPA is much different today then it was 20 years, 10 years or even 5 years ago. Instead of the green eye-shaded bean counter, accountants today have much more dynamic roles. Not only has the role of the accountant changed but the environment in which accountants work has changed and continues to change rapidly. This rapid change in business environments, driven by Information Technology, does not appear to be slowing down. Thus presenting the CPA of today and tomorrow with new challenges and opportunities.
These opportunities are described below:
The designation of the Certified Information Technology Professional ("CITP") is for CPA's who have the knowledge and skills in accounting combined with the knowledge of information systems. The following web page includes the overview of the CITP credential.
Broad View of AIS:
The AIS wheel consists of 10 elements, these can be defined as:
Technology--This is the primary basis for the construction of the AIS. Technological developments are the main determinant in the evolution of enterprise systems and E-businesses. Here is a document listing the AICPA's Top 10 technology list for 2007:
Databases--Important areas in this element are data collection and storage, data retrieval and analysis, which are used for management decisions and internal and external audits.
Reporting--The AIS needs to provide reports which are either required, or used to suit the requests of the systems users. These reports are often generated through report generating tools (canned reports within the AIS) or though using query language (SQL, design views in the report menus).
Control--This is important to the AIS, as it ensures that the system is doing what management has intended for it to do. The controls will place limits on the responsibility of individual users, help with compliance with various regulatory agencies, and ensure the functionality of the business processes placed within the AIS. In addition to the "CITP" mentioned above the Information Systems Audit and Control Association (ISACA) issues certifications for information systems auditors http://www.isaca.org/.
Business Operations--The functions carried on by the employees and their respective departments. These departments create the majority of inputs that are in an AIS.
Events Processing--This is primarily the data that is put into the AIS which is used to describe and monitor the business operations of the company.
Management Decision Making--The AIS must be able to provide a wide variety of options to suit the requests and preferences of many different managers. Hopefully, the system is also an "intelligent" system, which, to some extent, can anticipate the manager's requests and assist the manager in the decision making process beyond the presentation of information.
Systems Development and Operation--For the AIS to be successful, it must be properly designed, implemented, and operated. This is usually a joint effort of systems users, accountants/consultants, as well as the programmers.
Communications--The ability to effectively communicate orally and through writing in order to explain the system and the results it generates.
Accounting and Auditing Principles--The system must be created to follow proper accounting procedures, and with the understanding that the system will be subjected to periodic audits.
Narrow View of AIS:
Here we focus on the accounting information system itself (the database, the ERP system, the information system)
Systems and Subsystems -- Group of elements that are formed and interact to achieve goals or objectives.
Information Systems Model
Management Information System -- Computer-based or manual system that transforms data into information useful in the support of decision making. MIS can be classified as performing three functions:(1) To generate reports.(2) To answer what-if questions asked by management. (3) To support decision making.
Accounting Information System -- Subsystem of MIS that processes financial transactions to provide (1) internal reporting to managers for use in planning and controlling current and future operations and for nonroutine decision making; (2) external reporting to outside parties such as to stockholders, creditors, and government agencies.
----
Logical Model of a Business Process:
Management Uses of Information:
Information System (IS)
Mirrors and monitors through processing, recording, and reporting business events.
Support management activities to make positive management decisions.
Recognize and Adapt
Data vs Information:
Data are facts or figures in raw form which must be converted into information that is meaningful and useful in decision making.
A function of an Information system is to convert data into information.
Qualities of Information:
Statement of Financial Accounting Concepts No 2: Qualitative Characteristics of Accounting Information
Understandability - the user comprehends the information and its significance.
Timeliness - information being available for a decision on or before it no longer has value or is "out of date".
Predictive Value - improve a decision maker's capacity to predict, confirm, earlier expectations.
Feedback Value - the same as predictive value - offer a "feedback loop" in order to make improvements with future decisions
Verifiability - Information that is measured by independent parties with similar outcomes.
Neutrality (freedom from Bias) - ability to be objective.
Comparability - being able to distinguish similarities and differences between two pieces of information.
Consistency - information that is the same, when compared from the same object or event collected at two points in time.
Accuracy - Information that represents the actual events or objects as represented in the information system.
Completeness - the degree that all information intended to be included is represented in the information system. ----
Management Decision Making:
Herbert Simon - 3 step Process
Intelligence - searching for areas which require a decision
Design - analyzing the alternatives
Choice - making the actual decision - choosing one of the alternatives
Operational Management Requirements
Tactical Management Requirements
Strategic Management Requirements
Vertical information flows - information that transcends departmental divisions within an organization. For example, a 12 Month Profit and Loss Statement completely processed by a Staff Accountant (within the Accounting Department) flows to the Vice President of Operations (upper Management) enabling him/her to budget for Future operating periods.
Horizontal information flows - information that generally flows within one department or unit of an organization. For example, invoices received and processed by the Accounts payable team member(s) within the Accounting department will be summarized/included in the bottom line of the periodical financials prepared and distributed by the Staff Accountant/Accounting Manager within the Accounting department of the Organization.
Structured vs Unstructured http://www.intelligententerprise.com/db_area/archives/1999/991409/feat1.jhtml
Main Themes:
The book is organized around three main themes, Enterprise systems, E-business and Controls and how these systems and the controls for these systems related to the study of accounting of information systems. Below are definitions and examples of these three themes:Enterprise Systems Software that integrates the business processes from all the functional area like marketing, accounting etc
E-Business - using electronic networks including the internet to conduct business
Controls - measures taken to ensure effectiveness, efficiency of business processes; compliance with the law; and reliable reporting
On May 24, 2007, the PCAOB voted to adopt Auditing Standard No. 5 (AS5), which replaces the previous internal control Auditing Standard No. 2 (AS2). AS5 is designed to "increase the likelihood that material weaknesses in internal control will be found before they result in material misstatement of a company's financial statements, and, at the same time, eliminate procedures that are unnecessary." (2007 SmartPros Ltd.) AS5 can be used by auditors following SEC approval. AS5 and Rule 3525, and conforming amendments, would be required for all internal control audits for fiscal years ending on or after 11/15/07.
Also on May 24, 2007, the SEC revised its standards for corporate audits. One of the most concrete changes is that the "S.E.C. will now require a company to get an outside auditor's formal opinion on whether its financial controls are working. Previously, companies were required to have outside auditors evaluate the quality of the assessment process as well." (The New York Times, May 24, 2007) The vote by the SEC paved the way for a more relaxed set of guidelines on smaller companies, i.e., market value of less than $75 million.
Challenges and Opportunities:
It is a fair question to ask why we are going through the financial expense and intellectual challenge of learning about flowcharts, internal controls, and transaction cycles. The answer is simple - GAAS requires it! The first of the General Standards requires the auditor to have "adequate technical training and proficiency" [AU 210]; the first of the Field Work Standards requires that "the work is to be adequately planned" [AU 310]; and the second standard of Field Work requires that an "understanding of internal controls is to be obtained to plan the audit" [AU 319]. The best evidence we can give the PCAOB / peer review examiner that we have conducted a competent audit is a high level of professionally prepared documentation. And the classroom is the least stressful place to learn how to do that.Being a CPA is much different today then it was 20 years, 10 years or even 5 years ago. Instead of the green eye-shaded bean counter, accountants today have much more dynamic roles. Not only has the role of the accountant changed but the environment in which accountants work has changed and continues to change rapidly. This rapid change in business environments, driven by Information Technology, does not appear to be slowing down. Thus presenting the CPA of today and tomorrow with new challenges and opportunities.
These opportunities are described below:
The designation of the Certified Information Technology Professional ("CITP") is for CPA's who have the knowledge and skills in accounting combined with the knowledge of information systems. The following web page includes the overview of the CITP credential.
Broad View of AIS:
The AIS wheel consists of 10 elements, these can be defined as:Narrow View of AIS:
Here we focus on the accounting information system itself (the database, the ERP system, the information system)----
Logical Model of a Business Process:
Management Uses of Information:
Information System (IS)
Mirrors and monitors through processing, recording, and reporting business events.
Support management activities to make positive management decisions.
Recognize and Adapt
Data vs Information:
Data are facts or figures in raw form which must be converted into information that is meaningful and useful in decision making.
A function of an Information system is to convert data into information.
Qualities of Information:
Statement of Financial Accounting Concepts No 2: Qualitative Characteristics of Accounting Information
Management Decision Making:
- Herbert Simon - 3 step Process
Intelligence - searching for areas which require a decisionDesign - analyzing the alternatives
Choice - making the actual decision - choosing one of the alternatives
- Operational Management Requirements
- Tactical Management Requirements
- Strategic Management Requirements
Vertical information flows - information that transcends departmental divisions within an organization. For example, a 12 Month Profit and Loss Statement completely processed by a Staff Accountant (within the Accounting Department) flows to the Vice President of Operations (upper Management) enabling him/her to budget for Future operating periods.Horizontal information flows - information that generally flows within one department or unit of an organization. For example, invoices received and processed by the Accounts payable team member(s) within the Accounting department will be summarized/included in the bottom line of the periodical financials prepared and distributed by the Staff Accountant/Accounting Manager within the Accounting department of the Organization.
Structured vs Unstructured http://www.intelligententerprise.com/db_area/archives/1999/991409/feat1.jhtml